An FTC Data Breach Enforcement Action Hits A Wall
November 30, 2015
A Federal Trade Commission administrative law judge has dismissed the FTC’s case against LabMD Inc., a clinical testing laboratory. The FTC had invoked Section 5 of the FTC Act, alleging that LabMD had failed to provide adequate security for personal information it held and thereby caused or was likely to cause substantial injury, in violation of the Section 5 prohibition on unfair acts or practices. Not only did the ALJ’s decision throw into question the degree to which the data in this case had been compromised, it questioned projections about probable consumer harm, in part because no victims could be identified even though seven years had passed since the breach. Instead the FTC could point only to an “unspecified and hypothetical” risk of future harm. Attorneys from Perkins Coie note this decision, if it stands, will be a “significant setback” in the FTC’s efforts to use its unfairness authority in data breach cases. However, they also point out that FTC staff can appeal the decision to the FTC Commissioners, and if LabMD loses before the Commission it can take the case to a federal court of appeals, and indeed since this article appeared the case has been appealed to the Commission.
Read full article at:
Share this post: